This isn't something that should be on his home pages. It is causing a security warning to show up in browsers which says that his website is a virus/infected site. How did this get there? He has FTP access and both files changed on 11/5/2011 at about the same time. Could he have a virus which changed his local index.htm files and he uploaded them unknowingly? Could a virus use his saved FTP information to log in and change the files without him knowing?

The reason I am assume it originated from his machine is because I have over 500 other index.htm files on my server and none of them were affected. Only the two index.htm files which are accessible through his FTP account.